It is quite easy to create a private Helm chart repository using chartmuseum. I created mine on Kubernetes using the chartmuseum chart, where I updated only a few values in the default values.yaml.

Then I created the secret chartmuseum-secret with:

kubectl create secret generic chartmuseum-secret --from-literal="basic-auth-user=curator" --from-literal="basic-auth-pass=password"

Then I installed the chartmuseum chart itself:

helm repo…

I have an example of running Jenkins pipelines on Kubernetes where every step is executed in a separate container.

By default the first container (first of 3/3) is the jenkins slave and the rest can be defined in the pipeline. In my example the other two containers are ‘tf’ running terraform (default if step doesn’t define which container to run within) and ‘ansible’ with just ansible.

agent {
    kubernetes {
        defaultContainer 'tf'
        yamlFile 'pipelines/additionalAgents.yaml'
    }
}

The pod manifest lives inside the YAML file, declaring where to pull images from and which secret to use in the case of a private registry.

Grafana Loki is a pretty good log aggregation service which I am using even on my PCs. I run Grafana, Loki and Promtail (an agent which ships the contents of local logs to a Loki instance) locally through docker compose. You can learn it all from Udemy. See my repo here, where…

Terratest by Gruntwork looks like a good tool for running tests against Terraform code. I tried a quick example from this repo, which tests the resource group creation snippet below

with output “resource_group_name” (in The terratest test code (written in Go) located in ‘tests’ subdirectory “rg_test.go” …

I have an Ansible playbook which I normally use with a regular Jenkins pipeline to push Panorama (Palo Alto Networks) security policies to firewalls (device groups).

Recently I included this pipeline into groovy script panoramaPushdgDocker in my Jenkins shared pipeline libraries. It is parametrized with dockerfilePath (if docker agent in use), panorama_api_key, ip_address (Panorama IP address) and device_group.

def call(body) {
    // Collect the assignments made in the Jenkinsfile closure into the config map
    def config = [:]
    body.resolveStrategy = Closure.DELEGATE_FIRST
    body.delegate = config
    body()
    pipeline {
        agent {
            dockerfile {
                dir "${config.dockerfilePath}"
            }
        }
        environment {
            API_KEY = credentials("${config.panorama_api_key}")
        }
        stages {
            stage('Push Panorama device groups') {
                steps {
                    // \$API_KEY is escaped so the shell, not Groovy, expands the secret
                    sh """
                    ansible-playbook -i "localhost," ${config.playbook_path} -e "api_key=\$API_KEY ip_address=${config.ip_address} device_group=${config.device_group}"
                    """
                }
            }
        }
    }
}

Now I can make my Jenkinsfile generic. It will pull the Groovy script panoramaPushdgDocker from my shared Jenkins pipeline repo.

@Library('') _
panoramaPushdgDocker {
    panorama_api_key = "panorama_api_key"
    playbook_path = "./pipelines/panorama_push_device_group.yml"
    ip_address = ""
    device_group = "device_group_name"
    dockerfilePath = "pipelines/Z-Irek"
}

Solarwinds Orion has pretty good API monitoring where you can set up the whole thing in the Web UI, but my use case is a Dynatrace (DT) synthetic monitor (scripted HTTP monitor). It is possible to create a synthetic monitor with multiple HTTP requests. In my case the first request ‘get metric’ is to…

Irek Romaniuk

Here are my NNs ‘nanonotes’, excuse the brevity and typos. I’m based in RI, working as security and automation engineer for a fin-tech company in Boston.
